Setting up SSO (Single Sign-on) for attendees

SSO (Single Sign-on) for attendees allows you to restrict access to Pigeonhole Live events to only those in your organisation. This helps prevent unauthorised access to information shared during your event and verify each attendee’s identity to enforce accountability. 

When you set up SSO to verify attendees' access to your Pigeonhole Live events, we will work with your Identity Provider (IdP) to import your attendees' name and email address. Once imported, attendees will be verified using that information and will not be able to alter the information by themselves. 

You can find attendees’ profiles under your Pigeonhole Insights once they access an event on Pigeonhole Live.

Appointing an SSO Administrator 

Appoint an SSO Administrator and inform your account manager of the appointed SSO administrator. The SSO Administrator needs a Pigeonhole Live account but does not need to be a member of your team workspace. 

The SSO Administrator will be given special access to set up the SSO configuration for your organisation. This configuration can be shared across multiple Team Workspaces. 

Once your account manager has attended to your request, your SSO Administrator will see an "SSO Configuration" in the dropdown menu, on the top right-hand side of the Workspace.

Screenshot_2019-10-25_at_3.39.35_PM.png

The SSO administrator will have to perform the following steps to set up SSO for attendees.

Instructions for SSO Administrator

Pigeonhole Live’s SSO is based on SAML 2.0. As the SSO Administrator setting up SSO for Attendees, you will need to configure your IdP application to return the name and email address of the user as attributes or claim roles.

1. Name/ display name

Example of SAML attribute for name:

<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml:AttributeValue xsi:type="xs:string">John Smith</saml:AttributeValue>
</saml:Attribute>

2. Email address / email 

 Example of SAML attribute for emailaddress:

<saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
    <saml:AttributeValue xsi:type="xs:string">j.smith@company.com</saml:AttributeValue>
</saml:Attribute>

Once you have the information required, you can proceed to configure SSO. Follow the instruction for your IdP. If your IdP is not listed, you should still be able to configure your IdP based on one of the instructions listed here:

Configuring SSO for Auth0

Configuring SSO for Okta

Configuring SSO for G Suite

Configuring SSO for Active Directory